Disclaimer: rooting your phone entails risk. You may brick it, cause it to catch fire, cause it to form the first node in the Skynet network, or otherwise render it inoperable. Please read the directions carefully to ensure that nothing unexpected happens. This rooting tool is as safe as I can make it, but there's never any guarantees.
After a very helpful suggestion from Surge1223, I managed to take an existing root exploit for the Xperia and modify it to work on 4.3 with SELinux enforcing. This installs su, SuperSU, and the necessary support files to enable the root.
This rooting process should work with a wide range of Android devices, particularly those running Linux Kernel before 3.5.5 (which most Android 4.3 ROMs use.) It 's known to work for may GS4 variants and is harmless if it fails to work (no "Warranty Void" flags get set.)
Again, using this WILL NOT set the "Knox Warranty Void" flag.
If you use XDA to e-mail me a question, SET YOUR XDA ACCOUNT UP TO ACCEPT MAIL.
If you are set up to refuse mail, then your question will be ignored. Actually, you shouldn't e-mail me. PM or post here.
Step 1 - setting up the USB drivers
Before you try using this rooting program, you'll need to have the USB drivers installed for your phone.
The easiest way to do this is to install Samsung Kies. If Kies sees your phone, you're OK for the drivers.
If you don't have the drivers working, the root installer will hang at "waiting for device..."
Step 2 - Enable USB Debugging
The second thing you must do is to enable USB debugging on your phone. Go to "Settings", "More...", then "Developer Options".
If "Developer Options" doesn't appear, then you'll need to enable it - go to "Settings", "More", "About Phone". Scroll down so the "Build Number" is visible, then tap on that several times until developer mode is enabled.
In Developer Options, make sure "USB Debugging" is checkmarked.
Step 3 - Enable USB ADB Access
Make sure that your computer is allowed to use USB debugging on your phone. To do this, unplug your phone and unlock it. Then, plug in the USB cable.
If you see an "Alllow USB debugging?" window pop up, tap on the "Always allow from this computer" to check it, then tap OK.
If you don't see that popup, it's OK, you should be OK to proceed.
That's it for the phone.
Step 4 - Unzip the saferoot.zip
Then you need to unpack the attached ZIP file somewhere onto your PC.
You should have the following when done:
- a file called "install.bat"
- a file called "install.sh"
- a folder called "files"
Step 5 - Root your phone
Double click on the "install.bat" to run the root. It will root and reboot your phone. Once that's done, you're rooted!
The first thing that the install script will ask you is whether or not to install Busybox. Busybox is a program that provides a fairly extensive set of Linux shell utilities that a Unix user would expect to see. If you're not going to be using the shell (terminal emulator or adb shell) then you may not want to install Busybox. You may, however, find that some root-required utilities assume that Busybox is installed.
If SuperSU asks you to update the su binary, choose the "Normal" method.
If SuperSU asks you about disabling Knox, allow it.
This exploit will NOT set the Knox Warranty Void flag. It will set the "Custom" flag, but that's nothing to worry about.
While you're running this, you'll need to keep the phone awake and watch both the computer running the rooting script and your phone.
You shouldn't unplug the phone unless you're prompted by the rooting script. Leave it connected until it's done.
Rooting on Linux and MacOS
The saferoot script has a copy of adb for MacOS and for Linux included.
To run this root, download and unzip the zip file. Open a shell window, use "cd" to change to the directory where you unpacked the zip, and type "sh ./install.sh". The OS will be detected automatically and the root should run basically as described above.
If the embedded adb fails, you'll need to have the Android Debugging Bridge (adb) installed and configured and on your path. You can test that it's ready by opening a shell (Terminal) window and typing "adb shell". If you get a shell prompt on the phone, type "exit" and you're ready to go.
Don't try to download this onto your phone and run it from there. That won't work, at least for the i545 (i.e. running it from the Terminal Emulator app will fail.)
Having troubles getting adb connected? There are several possible causes and solutions.
There are cases where people can't get the connection working unless they toggle the USB connection type from Camera to Media and back. Perhaps that may help getting it to work. Toggling the "Enable USB Debugging" apparently helps in some cases as well.
Important - please read
If you fail to read this, you will be taunted.
1. You can't install custom recovery and custom ROMs on a phone with a locked bootloader. This rooting program does not unlock your bootloader and won't allow you to flash custom on a locked device. However, NOTHING allows flashing a custom recovery on a bootloader locked phone at the moment. See Safestrap for a way to install some custom ROMs.
2. Resetting the "Custom" and open padlock indication during boot can be worked around using the Xposed Framwork and Wanam Xposed. Get those two from the Play Store. In Wanam, tick "Security Hacks", "Fake System Status".
3. If Saferoot fails with the messages
"Your kernel is patched!
This device is not supported."
That means that your device's Linux kernel has been updated to keep Saferoot from working. Unless you can downgrade to an older kernel, you can't use Saferoot.
Here's a list of phones and reported builds where this has been verified to work.
AT&T Galaxy Note 2 (SGH-I317), Android 4.3
AT&T Galaxy S3 (SGH-i747), MJB
AT&T Galaxy S4 (SGH-i337) MK2,MK6
AT&T Galaxy S4 zoom
Bell Mobility i337,MK6
Canadian Galaxy S4 SGH-I337M
Digicel (Jamaica) i9500, MK1
d2vzw s3 with the 4.3 update
Galaxy NX Camera, JDQ39
Galaxy Legend SCH-I200,MK2
Galaxy Note 2 GT-N7100, MK9
Galaxy Note 2 N7105 4.3
GT-I9192, MK4 (ML2 does not work)
Google Glass, (XRT73B), XR14
International Galaxy S4, I9505: MH6, MH8, MJ5, MKE, MKF
Edits: 12/12/13: This version of the zip file includes the adb.exe so you don't need to install ADB just for this.
I've also changed it so you shouldn't have to unzip to any special place.
12/13/13: I've swapped out Superuser for SuperSU. This version also installs busybox for you once the phone finishes rebooting.
12/14/13: Fixed install of busybox. Install SuperSU as Chainfire wants it: called Superuser.apk, installed into /system/app.
12/14/13: Move "Look at your phone and give permission" message to the top of the script.
12/15/13: Update source distribution to correspond to updates.
12/16/13: Rename to saferoot as it's not just for MJ7.
12/17/13: Update to fix "text file busy" errors
12/18/13: Correct the "text file busy" fix. Force su binary to be setuid root so root checkers will work.
12/18/13: Add more help in the "install.bat" for people having troubles getting adb working
12/18/13: Ensure the folder setup is right when starting install.bat
12/18/13: Give users time to allow su permissions
12/21/13: Disable SEAndroid before rooting
12/22/13: Install selinuxoff to set SELinux to Permissive mode at boot
12/23/13: Fix permission on selinuxoff binary, update SuperSU install and clean up rooting program
12/30/13: Remove selinuxoff program - it doesn't do anything. Updates to the install scripts.
1/6/14: Hard code kernel addresses for ATT Galaxy S4 so it takes less time to root.
1/6/14: Try to work around Knox deleting the su binary
1/10/14: Clear immutable bit on existing programs to allow them to be updated
1/12/14: Update to current SuperSU binary
1/13/14: Updates suggested by @bgmg
1/16/14: Correct typo in Linux/OSX installer
1/21/14: Really correct the typo. Add OS detection to install.sh so it can run on OSX or Linux without installing adb.
1/21/14: Update to current SuperSU
2/4/14: Detect when the phone is not rooted and don't continue the rest of the operations.
3/29/14: Install 'unroot' script and add unroot.bat/unroot.sh to allow simple removal of Saferoot changes.
4/4/14: Fix problem with unroot not running
4/30/14: Clearer error messages on root fail, allow user to choose installation of busybox
5/14/14: Fix typo in Unix install script, more text on why it failed.
5/24/14: Fix install.sh portability issue with double equals on test.
The source code for the exploit tool used for this rooting method is attached.
In addition, two common questions:
1. How do I unroot?
OK, so why are you so anxious to unroot just after rooting?
If you have used the current version of Saferoot to root your phone, then there's an unroot script installed to make this easy.
If you still have Saferoot unzipped, plug in your phone and use "unroot.bat" (Windows) or "unroot.sh" (Unix) to remove the changes that Saferoot made. Then, open SuperSU and instruct it to perform a "full unroot". After that, all changes that Saferoot have made to your device have been removed.
If you don't have the unroot.sh, then you can unroot manually as below.
There's two things you need to do to undo what this installer does. First, remove busybox. This will require adb shell or the use of Terminal Emulator to get a shell prompt. Execute the commands below at a shell prompt.
The "$" and "#" characters at the start of those lines are the system prompt. You don't type those.
Spacing, case, etc. matter. The letter after "type" in the "find" command is a lowercase L.
# mount -o remount,rw /system
# rm -f /system/etc/install-recovery-2.sh*
# rm -f /system/xbin/selinuxoff*
# find /system/xbin -type l | xargs rm
# rm /system/xbin/busybox
# mount -o remount,ro /system
The easiest way to do this is to install the "Terminal Emulator" app from the Play Store. Or use "adb shell" to get a shell prompt.
You can cut and paste the following to make it easier.
mount -o remount,rw /system
rm -f /system/etc/install-recovery-2.sh*
rm -f /system/xbin/selinuxoff*
find /system/xbin -type l | xargs rm
mount -o remount,ro /system
It's very likely that the "/system/xbin/selinuxoff" and "/system/etc/install-recovery-2.sh" files won't be there.
Now, open SuperSU and use "Settings", "Full unroot". When that's done, everything that this installer has done has been reverted.
If you've installed xposed framework or wanam, you should remove those and reboot BEFORE doing the SuperSU unroot. Also, if you've installed Safestrap you'll need to boot into SS recovery, delete the custom ROM slots, then uninstall Safestrap recovery. Or, uninstall the Safestrap application. If you forget to do these before doing the SuperSU unroot, you'll need to re-root to do those.
If you need adb to access your phone, there's a copy in the "files" directory included with the installer. You'll need to open a command prompt and use cd to change to the files directory before trying to use that adb.
2. How do I get rid of the "Custom" padlock open screen at boot?
You get that because you're running custom software. Samsung has an application that runs at boot to look for modified system files; this app detects that the phone has been modified and sets that flag.
If you really need to get rid of that, you can do the unroot in #1 above, then reboot. Wait about 10 minutes or so, then reboot again. If you haven't changed any other system files, the custom flag should have been reset.
If that doesn't fix it, flash the stock no-wipe ROMs from this forum. Those will undo whatever you've changed and allow the phone to reset the custom flag.
If you want to keep root while getting rid of that "Custom" flag, then you can fake it. Install xposed framework (google for it), enable it, then reboot.
Then install Wanam Xposed, and enable that module in xposed.
In Wanam, choose "Security Hacks", "Fake system status".
That will keep the "Custom" flag from appearing. This is a cosmetic fix, but it does get rid of the "Custom" screen.
There is really nothing specific to the I545 or MJ7 in this root tool. There's a good chance it'll work on anything currently running 4.3.
If you have success with other devices, please reply to let us know.